PT-2026-44569

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue exists in WebCodecs, which allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Use after free is a...

PT-2026-44647

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A heap buffer overflow occurs in WebCodecs, which is an API that allows developers to access low-level hardware-accelerated codecs for video and audio. This issue enables a remote...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a security vulnerability. This vulnerability stemmed from a heap buffer overflow issue in the WebCodecs component, which could allow remote attackers to execute arbitrary code withi...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a resource management vulnerability. This vulnerability stemmed from a problem with reuse after release in WebCodecs, which could allow remote attackers to execute arbitrary code...

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component CVE-2026-8391 firefo...

TencentOS Server 3: thunderbird (TSSA-2026:0381)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0381 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Astra Linux - уязвимость в chromium

The use of WebCodecs with “after free” in Google Chrome before version 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в chromium

The use of WebCodecs with “after free” in Google Chrome before version 123.0.6312.86 allowed a remote attacker to perform arbitrary read/write operations through a crafted HTML page. Chromium security severity: High...

ROS-20260520-73-0047

A vulnerability in the WebCodecs component of the Google Chrome web browser is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...

ROS-20260520-73-0059

A vulnerability in the WebCodecs component of Google Chrome browser is related to reading data outside of buffer boundaries in memory. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code or cause a denial of service using a specially crafted HTML page...

ROS-20260520-73-0049

A vulnerability in the WebCodecs component of the Google Chrome web browser is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow a remote attacker to gain access to sensitive data or cause a denial of service via a specially crafted HTML...

Amazon Linux 2023 : firefox (ALAS2023-2026-1652)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1652 advisory. Double-Free / Use-After-Free UAF in the IntoIter::drop and ThinVec::clear functions in the thinvec crate. A panic in ptr::dropinplace skips setting the length to zero. CVE-2026-6654...

ALSA-2026:19348 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-6754 firefox: thunderbird: Spoofing...

Mozilla Thunderbird < 151.0

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 151.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-50 advisory. - Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. Some of these bugs showed evidence...

ROS-20260515-73-0027

A vulnerability in the WebCodecs component of Google Chrome and Microsoft Edge browsers is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...

MiracleLinux 9 : thunderbird-140.10.0-1.el9_7.ML.1 (AXSA:2026-616:11)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-616:11 advisory. firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the...

Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3290 (ALAS-2026-3290)

The version of thunderbird installed on the remote host is prior to 140.10.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3290 advisory. Double-Free / Use-After-Free UAF in the IntoIter::drop and ThinVec::clear functions in the thinvec crate. A panic i...

SUSE SLED15 / SLES15 Security Update : MozillaThunderbird (SUSE-SU-2026:1741-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1741-1 advisory. This update for MozillaThunderbird fixes the following issues Updated to Mozilla Thunderbird 140.10.1: MFSA...

Updated thunderbird packages fix security vulnerabilities

Use-after-free in the DOM: Core & HTML component. CVE-2026-6746 Use-after-free in the WebRTC component. CVE-2026-6747 Uninitialized memory in the Audio/Video: Web Codecs component. CVE-2026-6748 Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. CVE-2026-6749...

CVE-2026-7982

An uninitialized use flaw was found in the WebCodecs component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497952533...